gcc generates prolog without rsp decrementing, i.e. allocates locals and parameters in free stack without privatising this stack
Andrew Thomas Pinski
pinskia@gmail.com
Mon Oct 6 16:01:00 GMT 2008
Sent from my iPhone
On Oct 6, 2008, at 5:09 AM, Denis <falling@pisem.net> wrote:
> Hi,
>
> I use gcc:
>
> [dnlarion@msteplxl5 ~]$ gcc -v
>
> Using built-in specs.
>
> Target: x86_64-suse-linux
>
> Configured with: ../configure --enable-threads=posix --prefix=/usr --
> with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/
> share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 --enable-
> languages=c,c++,objc,fortran,java,ada --enable-checking=release --
> with-gxx-include-dir=/usr/include/c++/4.1.0 --enable-ssp --disable-
> libssp --enable-java-awt=gtk --enable-gtk-cairo --disable-libjava-
> multilib --with-slibdir=/lib64 --with-system-zlib --enable-shared --
> enable-__cxa_atexit --enable-libstdcxx-allocator=new --without-
> system-libunwind --with-cpu=generic --host=x86_64-suse-linux
>
> Thread model: posix
>
> gcc version 4.1.0 (SUSE Linux)
>
> and am trying to compile this program:
>
> ################################
>
> void plus (long * a, long * b)
> {
>     long aa = 10;
>     long bb = 10;
>     *a += *b + aa + bb;
> }
>
> int main (){
>     long a = 1;
>     long b = 2;
>     long *aa = &a;
>     long *bb = &b;
>     plus(aa,bb);
> }
>
> ######################################
>
> [dnlarion@msteplxl5 gc]$ gcc -S main.c
>
> But the code produced for the plus function is incorrect:
>
>     .file   "main.c"
>     .text
> .globl plus
>     .type   plus, @function
> plus:
> .LFB2:
>     pushq   %rbp
> .LCFI0:
>     movq    %rsp, %rbp
> .LCFI1:
> ##################>>>>>>> As you can see here it allocates
> parameters and autos into the stack at negative offsets, that is free stack
> space. I.e. it didn't reserve it.
This is ok as the x86_64 ABI has a red zone. If you are running into a
problem, then your kernel is not following the ABI.
>
>     movq    %rdi, -24(%rbp)
>     movq    %rsi, -32(%rbp)
>     movq    $10, -16(%rbp)
>     movq    $10, -8(%rbp)
>     movq    -24(%rbp), %rax
>     movq    (%rax), %rdx
>     movq    -32(%rbp), %rax
>     movq    (%rax), %rax
>     addq    -16(%rbp), %rax
>     addq    -8(%rbp), %rax
>     addq    %rax, %rdx
>     movq    -24(%rbp), %rax
>     movq    %rdx, (%rax)
>     leave
>     ret
> .LFE2:
>     .size   plus, .-plus
> .globl main
>     .type   main, @function
> main:
> .LFB3:
>     pushq   %rbp
> .LCFI2:
>     movq    %rsp, %rbp
> .LCFI3:
>
> #################>>>>>>>>>> Here it does all correctly: firstly it
> reserves a stack frame and then allocates autos and parameters there.
>
>     subq    $32, %rsp
> .LCFI4:
>     movq    $1, -24(%rbp)
>     movq    $2, -32(%rbp)
>     leaq    -24(%rbp), %rax
>     movq    %rax, -16(%rbp)
>     leaq    -32(%rbp), %rax
>     movq    %rax, -8(%rbp)
>     movq    -8(%rbp), %rsi
>     movq    -16(%rbp), %rdi
>     call    plus
>     leave
>     ret
>
> The difference between the functions is that main calls another function
> and 'plus' does not.
>
>
>
> In my project I have kernel code that has a function w/o calls
> (memcpy) and it is also compiled incorrectly.
>
> And the problem is that when *dst = *src is executed, a page fault appears;
> this page fault works on the same stack and rewrites the free space, i.e.
> rewrites the locals of the memcpy function.
>
> That results in a crash on the next read from src.
>
>
>
> So probably somebody knows how to solve this problem? I've explored
> gcc flags and didn't find anything to solve it.
>
> I've also tried another gcc version:
>
>
>
> [dnlarion@msteplxl35 gc]$ gcc -v
>
> Reading specs from /usr/lib/gcc/x86_64-redhat-linux/3.4.5/specs
>
> Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
> --infodir=/usr/share/info --enable-shared --enable-threads=posix --
> disable-checking --with-system-zlib --enable-__cxa_atexit --disable-
> libunwind-exceptions --enable-java-awt=gtk --host=x86_64-redhat-linux
>
> Thread model: posix
>
> gcc version 3.4.5 20051201 (Red Hat 3.4.5-2)
>
> Result is the same.
>
> Thank you in advance,
>
> Denis.
>
>
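The red zone Andrew refers to is the 128 bytes below %rsp that the x86-64 SysV ABI guarantees leaf functions may use without adjusting %rsp; a page-fault or interrupt handler that runs on the same stack, as in-kernel code does, overwrites exactly that area, which is why kernel builds pass -mno-red-zone. As an added example (not from the thread), here is a small Python check, with assumed names red_zone_users and with_frame_reserved, run over a constructed listing condensed from the report: it flags functions that store below %rbp without a subq on %rsp, and shows the same listing passing once the frame is reserved the way -mno-red-zone output does.

```python
import re
# Constructed sample: the 'plus' and 'main' listings from the report,
# condensed to the instructions that matter for the frame analysis.
SAMPLE_ASM = """\
plus:
    pushq   %rbp
    movq    %rsp, %rbp
    movq    %rdi, -24(%rbp)
    movq    %rsi, -32(%rbp)
    leave
    ret
main:
    pushq   %rbp
    movq    %rsp, %rbp
    subq    $32, %rsp
    movq    $1, -24(%rbp)
    movq    $2, -32(%rbp)
    call    plus
    leave
    ret
"""

LABEL = re.compile(r'^([A-Za-z_.][\w.]*):')          # function or local label
SUB_RSP = re.compile(r'^\s*subq\s+\$(\d+),\s*%rsp')   # explicit frame reservation
RBP_SLOT = re.compile(r'-(\d+)\(%rbp\)')              # a slot below %rbp

def red_zone_users(asm):
    """Map each function that stores below %rbp without first reserving that
    space via 'subq $N, %rsp' to the deepest offset it touches (-O0 frame-pointer code)."""
    flagged, func, reserved, deepest = {}, None, 0, 0
    for line in asm.splitlines() + ["__end__:"]:   # sentinel closes the last function
        m = LABEL.match(line)
        if m and not m.group(1).startswith('.'):
            if func and deepest > reserved:
                flagged[func] = deepest
            func, reserved, deepest = m.group(1), 0, 0
            continue
        m = SUB_RSP.match(line)
        if m:
            reserved += int(m.group(1))
        for off in RBP_SLOT.findall(line):
            deepest = max(deepest, int(off))
    return flagged

def with_frame_reserved(asm, func, size):
    """Rewrite func as -mno-red-zone output looks: reserve the frame right after 'movq %rsp, %rbp'."""
    head, _, tail = asm.partition(func + ":\n")
    fixed = tail.replace("movq    %rsp, %rbp\n",
                         f"movq    %rsp, %rbp\n    subq    ${size}, %rsp\n", 1)
    return head + func + ":\n" + fixed
```

The check only understands frame-pointer code like the -O0 listing above; %rsp-relative addressing from -fomit-frame-pointer would need the same bookkeeping against %rsp instead.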
More information about the Gcc-bugs mailing list